This document describes a proposed system for authorized data deduplication in a hybrid cloud. It aims to allow duplicate checks of files while considering users' differential privileges. The system would use file tokens determined by the file and user privilege to control authorized access. It presents several deduplication constructions and security analysis, and discusses implementing a prototype to evaluate overhead. The main modules are user authentication, a secure deduplication system using file tokens, security of duplicate check tokens, and sending encryption keys.